Colorado Northwestern Community College President Ron Granger blurted out the first thing that came to mind when he was asked in August what he would do for the school if he had the money: build a cybersecurity program.
That was a pretty bold idea for a school serving a region best known for outdoor recreation and big-game hunting. But Granger said it to the right person: Attorney General Phil Weiser, who was figuring out what to do with the $3.6 million in settlement money Colorado received related to the Equifax data breach that exposed the personal information of 147 million people.
“The community college is one of the pillars of that community. And the community college needs to attract students, needs to develop talent,” Weiser said. “When Ron said ‘cybersecurity,’ it was like ding ding ding. I was like, ‘This is brilliant because there’s such a need for it.’ And I had the opportunity, with this Equifax settlement, to actually do something to support this effort. So when I heard it, I was like, ‘We need to talk.’”
On Tuesday, the AG’s Office in the Colorado Department of Law announced that the college, with locations in Rangely and Craig, will get $500,000 over three years to build that program. The plan is for the program to be sustainable by the fourth year.
While some of the remaining Equifax money will be used to fund consumer education programs, Weiser would also like to develop a student loan repayment program to encourage cybersecurity graduates to work for the government and other public sector organizations.
Weiser has some selfish reasons for this. His office has had a difficult time hiring and retaining cybersecurity professionals. The first time they posted an opening, no one applied.
“We posted it a second time and we got somebody,” Weiser said. “Within months, that person got a higher paying job and left.”
The loan program would be similar to those that help newly graduated lawyers and doctors by forgiving or paying down loans if they work for nonprofits or social services, or in rural areas.
“We’re exploring a loan repayment assistance program to provide a benefit to any cybersecurity professional who works in the public sector,” he said, “because right now, public sector entities are really vulnerable and a part of the vulnerability is this talent shortage.”
According to market research firm Cybersecurity Ventures, the cybersecurity worker shortage will balloon to 3.5 million unfilled jobs by 2021, up from 1 million in 2014.
And Colorado’s supply of trained workers seems to be shrinking — at least relative to how many new jobs are being created. According to CyberSeek, a site with tools to help companies and potential workers better understand the shortage, for every job opening, there are 1.5 workers employed in cybersecurity in Colorado, down from 1.8 workers last May. The nation’s average is two workers for every job opening.
“It feels like it’s just getting worse,” said Robb Reck, chief information security officer at Ping Identity, a Denver-based cybersecurity company. “But it’s not worse because we’re not having any success. We’re just not keeping pace (with global demand).”
In other words, companies of all sizes are getting hacked and attacked and are realizing they need more help. New laws are requiring companies to keep track of what happens to their customers’ data, with whom data is shared and how it’s disposed of when no longer needed.
For example, Colorado’s data-privacy law requires any company with more than 500 customers in Colorado to notify the AG’s Office and affected users of a data breach within 30 days. Last year, the AG’s Office heard from 90 companies, ranging from “businesses with five employees to 5,000-plus employees.” For smaller companies without a cybersecurity or IT employee, that’s extra work.
And there still aren’t enough cybersecurity professionals to fill the available jobs, Reck said.
“We’ve hired from (cybersecurity school) SecureSet, but they’re doing 30 people a semester,” Reck said. “In Denver, we’re generating thousands of new jobs every year. It’s just not keeping pace.”
Granger said he’s been thinking about creating a cybersecurity program for years but the cost was out of reach for the Moffat County school. The community college is still working out the details for the new program, but one of the goals is to get students thinking about cybersecurity and start taking some classes. They would leave with a security degree or certification and can continue their education elsewhere.
“They can go on and get advanced degrees if they want, but also get some certification so that if they’re just looking to go to work, which is a lot of what we do, they can get those certifications and go to work,” Granger said.
Next steps include hiring a teacher and approving the curriculum. He hopes the program will start by the Fall 2020. Some of the funding could also go towards student scholarships.
“My big dream was cybersecurity,” said Granger, adding that he didn’t think there were any cybersecurity companies in town — at least not yet. “We need to do that.”